News

15 February 2018

Eternal patching continued

Following recent discussions and last year's threat landscape, it should be obvious that patching against MS17-010, the flaw exploited by the NSA's EternalBlue exploit that the Shadow Brokers published, is a no-brainer.

If you need another reason to install that patch, please read this article in SCMagazine about patched versions of the EternalSynergy, EternalRomance and EternalChampion exploits that researcher Sean Dillon has developed. These exploits were not as widespread before because they did not work on recent versions of Windows. However, Dillon has managed to successfully exploit Windows 10 with the aforementioned exploits.

Be sure to patch your systems in a timely manner or mitigate unpatchable systems by limiting lateral movement and deploying rigid access control for vulnerable systems.

06 February 2018

WannaMine: the return of EternalBlue for crypto mining

If you did not notice the cryptocurrency hype in late 2017, you have probably been living under a rock for the last few months. Markets were exploding, people invested heavily in cryptocurrencies and nobody is sure whether we are seeing a bubble or not.

However, creative malware authors are using the valuation of bitcoin to bring mining software to the masses, of course without the masses knowing about it. It comes in the form of recently discovered malware that contains the main part of the 2017 WannaCry malware: the well-known NSA EternalBlue exploit. The new malware variant uses this to its advantage and mines Monero coins (which seems to be the preferred currency for malware miners nowadays, more on that below). The malware is fileless and uses PowerShell and WMI permanent event subscriptions to persist on the system, so it will be hard for standard antivirus to detect.

01 February 2018

The perfect 10, Cisco WebVPN!

I have to admit that when I first heard about SSL-based VPN, I was very sceptical about it. It was way too easy to use and it seemed too flexible for a security product. Later, an even more flexible approach was invented: WebVPN, secure remote access that uses your web browser to connect, after user validation, to the secure network. This invention allows us to connect without any additional software, just by using our web browser.

How much trust do you need to put on the table to be convinced that this functionality is safe? You are depending on too many third-party technologies (i.e. HW, OS, browser, SSL, user) that are out of your control. Securing this concept is a huge, if not impossible, task, but it is still trusted and widely used to provide remote access to secured networks.

30 January 2018

Malvertising: The role of dynamic content and ad networks in the propagation of malicious code

Malvertising – the spreading of malware or fraudulent content through malicious ads on otherwise trustworthy homepages – is not only persistent but also growing, as recent articles from Motherboard [1] and Ars Technica [2] suggest, both referring to a report from Cyphort as their primary source. The increase in delivery of malicious ads poses an imminent threat to users on the Internet. Ars Technica emphasises that a single consortium, consisting of 28 fake ad agencies, was able to reach 62% of ad-monetized websites on a weekly basis.

Some 20 years ago, it was fairly common among security-aware users to disable the processing of scripting languages such as JavaScript in their browsers to mitigate pop-ups and other annoying behaviour. Back in those days, scripting languages on webpages hardly ever served any useful purpose. This was especially relevant for users of Microsoft’s Internet Explorer, where “scripting” also included processing of VBScript and ActiveX, which, as opposed to JavaScript, could access the filesystem [3]. Back then, the web was fairly static, and interactive and dynamic content, where JavaScript and other scripting languages play a major role, was of subordinate importance.

05 January 2018

New powerful microarchitectural attacks threaten all modern CPUs

Two new attacks, Meltdown and Spectre, have been announced. They can be seen as a new class of attacks that make use of so-called microarchitectural features in modern CPUs. What makes these attacks special is that they do not exploit a bug in software, but exploit how modern CPUs operate and have been operating for many years.

The complexity of modern processors has increased to such a degree that it is extremely hard for a developer to understand how and in what order instructions are executed on the CPU. Techniques such as out-of-order execution, branch prediction and multiple levels of caches have been integrated in modern CPUs for many years and have been constantly refined. This has resulted in great improvements in computation speed. That this speed optimization can also cause security issues has been known as well. For example, implementing cryptographic algorithms on modern CPUs that do not leak sensitive data over so-called timing side-channels has been a major challenge for years. Several academic papers have also shown that microarchitectural features such as shared caches can lead to significant data leakage between different processes running on the same CPU or even on multiple CPUs (see e.g. CSAW07, usenix14, or SP15).

19 December 2017

The year in cyber security

We are nearing the end of 2017 and a lot has happened in cyber security. One fact is that people have accepted cyber security and the connected risks as something that will naturally happen. We will see whether this leads to more consolidated efforts in strengthening security postures or whether people will be overwhelmed by the sheer number of attacks and risks they are exposed to.

Quick facts about 2017

More than 530 publicly disclosed data breaches (source) with Equifax being one of the biggest breaches (143 000 000 records)

Ransomware strikes back, including WannaCry, Petya, Bad Rabbit. The damage is up 15x in two years as global damages are expected to exceed $5 billion in 2017

New botnets and IoT botnets on the rise, for example Reaper

Breach data shows the new way of influencing votes and elections with two massive breaches exposing US voter data collected during campaigns

14 December 2017

Analogy between biology and IT Security: remaining hidden thanks to surface mutations

Biology and IT security share many mechanisms. One of them is the benefit of remaining hidden from the outside world by modifying the entity’s external surface (“surface mutation”): a parasite will try not to be recognised by the immune system of the host it is invading, while in IT security one approach is to ensure that the network, devices and data to be protected remain invisible to an external observer. In the first case, hiding allows the parasite to spread in its host, while in the latter case, hiding protects from attacks by decreasing the attack surface. Of course, attackers use mutations as well to stay undiscovered by antivirus or malware protection and to evade firewalls and IDS systems.

Following infection by a parasite, the immune system of the infected organism (the “host”) develops antibodies specific to some molecules of the parasite to which the host is exposed. Thanks to these antibodies, the host can identify the presence of the parasite in its body, and fight against it. In the case of parasites living inside the body of organisms, the antibodies often target proteins of the external membrane of the parasite.

07 December 2017

IBM builds a 50 qubit quantum computer - is this the end of RSA?

IBM announced in November that it has successfully built a 50 qubit quantum computer. IBM also announced a 20 qubit quantum computer that will be available for clients to use and experiment on. This is quite a leap forward from the 17 qubit systems currently available and highlights the big improvements currently happening in this area.

Quantum computers work completely differently from traditional computers. Instead of working on bits that can be either 0 or 1, quantum computers work on qubits that can be in a so-called superposition, which contains significantly more information than a simple bit. With the “strange workings of quantum mechanics”, a quantum computer can use this significant amount of information within a qubit to run specific algorithms such as Shor’s algorithm that can solve some problems exponentially faster than a conventional computer.

04 December 2017

Next generation fighter for the Swiss air force

The current capabilities of the Swiss Air Force will come to the end of their useful life, according to the head of the Federal Department of Defence, Guy Parmelin. When it comes to fighter jets, the 30 F/A-18s can still be used until 2030, while the 53 F-5 Tiger fighter aircraft are already no longer suitable for operations.

In consequence, the Swiss Federal Council wants to buy new fighter jets and ground-based air defence systems for the Swiss Air Force with total costs of 8 billion Swiss Francs. The Swiss Federal Council has not discussed the number or model of the aircraft, but one of the possible candidates will be a fifth-generation multirole combat aircraft from the United States.

23 November 2017

Impressions on RSA Conference in Abu Dhabi 2017

_cyel made it to the RSA Conference Abu Dhabi 2017 as a Silver Sponsor. The atmosphere in Abu Dhabi was amazing, and we had a great, very central booth at the conference. After a successful start last year we were able to showcase our progress with _equilibrium in the UAE.

We engaged in many enriching conversations, and gathered opinions from local companies and customers about how they see today's threats and how they try to counterbalance newly evolving and emerging threats.

20 November 2017

A database of state sponsored attacks

Before Stuxnet, the release of Edward Snowden's NSA files and the publication of the NSA toolset by the Shadow Brokers, the security scene had only rumors and suspicions that states were sponsoring cyber attacks and running tailored operations against states and enterprises.

After the release of the NSA files, everyone was shocked by the amount of work put into cyber attacks and surveillance, and by the evidence that our wildest imaginations had actually been exceeded by reality.

16 November 2017

cyel awarded Best Swiss Network Security Solution 2017 by GDS

_cyel is a Swiss company delivering provable network security through software-defined networks that are fully compatible with legacy infrastructure. CEO Jaume Ayerbe tells us more about the firm and its recent success.

Cybersecurity today is essentially a game of cat and mouse: the attackers are always a step ahead of the defenders. _cyel was formed to rebalance this asymmetric competition. The firm’s awarded network security solution, _equilibrium, delivers on that promise. Despite being pretty young as a company, _cyel comes with an experienced team in all critical functions; plus, its extended team reaches out to all the key geographies. Jaume explains what is affecting the industry at the moment and how the company works hard to solve these difficulties.

13 November 2017

Analogy between biology and IT Security: life cycle of viruses

Viruses, whether considered from a biological or an IT perspective, play an important role in our daily lives. They share many characteristics, and among them, their life cycle.

In a biological context, viruses are entities composed of a genome in a protein shell (capsid) surrounded, in some types of viruses, by a membrane. They need to penetrate a living cell (hosting cell) to be able to replicate. Computer viruses, like other types of malware, need to insert their own code into other computer programs in order to replicate and execute themselves.

As we already see here, both types of viruses cannot replicate in an autonomous manner. Therefore, the first challenge of viruses is to reach their hosting organism, or hosting IT system. Hence, a successful infection mechanism is key to their success.

25 October 2017

How #badrabbit reminds us to stay alert on ransomware

Another month, another ransomware attack, it seems. Reports say that a new variant of a well-known ransomware is out and spreads via drive-by downloads. The ransomware is labeled BadRabbit and asks to install an update to Adobe Flash Player that then drops a file (seemingly this is a Win32/Filecoder variant).

After that, your computer is locked and the usual bitcoin ransom is demanded.

07-08 November 2017

Upcoming RSA Conference in Abu Dhabi

_cyel is eager to return to the RSA Conference in Abu Dhabi, the leading information security event in the Gulf region, to meet with new customers. This year, we will be joined by SBA, our local partner.

It has been almost a year since we last met at the Emirates Palace during the RSA Conference 2016. This year we will be Platinum Sponsor once again, and we would be pleased to see you again.

05 October 2017

cyel at Telefonica's Security Innovation Day 2017

Our CEO, Jaume Ayerbe, will be a guest speaker at the fifth edition of the Security Innovation Day 2017 organised by ElevenPaths, the cybersecurity unit of Telefonica. Keynotes will be presented by Mikko Hyppönen, Chief Research Officer at F-Secure, and Chema Alonso, Chief Data Officer at Telefonica.

Our company will have the opportunity to introduce our ground-breaking innovation, _equilibrium, a network security solution that rebalances the equation between defenders and attackers, reversing the odds.

10-18 August 2017

Proof of Concept in Singapore

In August, _cyel was in Singapore to run a Proof of Concept for a major telecommunications company. The PoC set-up made it possible to experience how the technologies used in our product, _equilibrium, operate to secure an entire network.

Through a Software Defined Network implementation, we are able to define Smart Zones independent of network constraints, like IP addresses or VLANs, to reflect business risks and to adapt flexibly, on the fly, to changing requirements. This makes our moving target security solution unique and gives customers an edge to rebalance the game against ransomware and other threats.

23 May 2017

Executive Breakfast in Bogota

In partnership with Olimpia IT and our parent company Dreamlab Technologies, _cyel had the opportunity of addressing a number of executives gathered to learn about the latest trends in cybersecurity.

The breakfast was hosted by Daniel Medina Salcedo, General Manager of Olimpia IT, a company of the Colpatria group. He introduced Fabien Spychiger, Regional Director of Dreamlab Technologies for Latin America.

24-26 April 2017

_Security Insight Summit

Over the course of two days our executive team had the privilege to exchange thoughts with CISOs from top European organisations. From governments to financial institutions and manufacturing entities, all share the growing concern over cybersecurity.

19-23 February 2017

_IDEX Conference Abu Dhabi

_cyel had the privilege to be an exhibitor at the 2017 edition of the IDEX Conference, which unites Defence Ministers, Chiefs of Staff, senior commanders from the Armed Forces, government officials, senior decision makers and other commanding officers from international militaries. _cyel took part at the show as a guest of our parent company Rheinmetall AG of Germany.

13-17 February 2017

_RSA Conference San Francisco

In February 2017, _cyel was proud to be part of the RSA Conference held in San Francisco, the world's largest cybersecurity event, which welcomed over 43,000 attendees this year!

This was a great opportunity to introduce our product, _equilibrium, to the US market. We enjoyed meeting with a wide range of US-based customers, but also with delegates from Europe and other regions all around the world.

15-16 November 2016

_RSA Conference Abu Dhabi

_cyel was a proud sponsor of the RSA Conference Abu Dhabi 2016, held at the Emirates Palace in UAE. We felt very welcomed in our very first show and would like to extend a thank you message to the organising team.

Over the course of the conference we had the opportunity to connect with many of the delegates to the event. Bringing a paradigm shift to the busy market of cybersecurity is certainly not easy, but then the Gulf region is under major cybersecurity pressure: as reported by the Ponemon Institute [1], the region has the largest average number of records lost or stolen (30% above global average).